How to upload scan outputs from minIO (ex. Nmap, Nikto, Sslyze, Zap) to OWASP DefectDojo? #1021
-
|
I have problem uploading the findings of minIO securecodebox outputs to OWASP DefectDojo. Screenshot of Error https://drive.google.com/file/d/1PqVOazjr7r_1oMPf6SQsh8_iPFgnqkjC/view?usp=sharing I try following these steps https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/KUBERNETES.md then https://docs.securecodebox.io/docs/hooks/defectdojo/ This is the link for the scanners https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners The Error: 2022-03-07 07:23:54 INFO DefectDojoPersistenceProvider:35 - Downloading Scan Result ence provider 2022-03-07 07:23:56 INFO DefectDojoPersistenceProvider:39 - Uploading Findings to DefectDojo at: http://defectdojo.default.minikube.local:8080/ tDojo at: http://defectdojo.default.minikube.local:8080/ Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://defectdojo.default.minikube.locarror on GET request for "http://defectdojo.default.minikube.local:8080/api/v2/users/": defectdojo.default.minikube.local; nested exception is java.net.UnknownHostException: defectdojo.default.minikube.local at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:751) rnalSearch(GenericDefectDojoService.java:151) at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:621) ch(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.intechUnique(GenericDefectDojoService.java:187)rnalSearch(GenericDefectDojoService.java:151) ionedEngagementsStrategy.java:82) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.search(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.searchUnique(GenericDefectDojoService.java:187) at io.securecodebox.persistence.strategies.VersionedEngagementsStrategy.run(VersionedEngagementsStrategy.java:82) at io.securecodebox.persistence.DefectDojoPersistenceProvider.main(DefectDojoPersistenceProvider.java:42) Caused by: java.net.UnknownHostException: defectdojo.default.minikube.local at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:229) at java.base/java.net.Socket.connect(Socket.java:609) at java.base/java.net.Socket.connect(Socket.java:558) at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:182) at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474) at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569) at java.base/sun.net.www.http.HttpClient.(HttpClient.java:242) at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:341) at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:362) at java.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1253) at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1187) at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081) at java.base/sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:1015) at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776) ... 7 more Thank you for the reponse! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 6 replies
-
|
Hi 👋 The default URL referenced in the DefectDojo docs ( Only changing the url in the secureCodeBox DefectDojo hook probably won't be enought as you will also have to update DefectDojo to be allowed to answer to the the internal url. (DefectDojo has DNS Rebind Protection enabled by default so that it'll only answer requests for domain names it is configured to run under) You can change that using the |
Beta Was this translation helpful? Give feedback.
-
|
Its still the same command as described in the DefectDojo docs: I've you want to make local port-forwarding easier you can also add You should then be able to access defectdojo under localhost:8080 |
Beta Was this translation helpful? Give feedback.
-
|
Hi, I'm sorry for not getting back to you sooner. We try connecting securecodebox and DefectDojo for weeks and change it to different websites (localhost, defectdojo-django.default.svc) and still didn't work. I also try your reply (helm upgrade defectdojo ... --set="host=defectdojo-django.default.svc") and still having problems. This is the command that I input: helm upgrade One problem that I think of is that the pods are not connecting because of EmptyDir (pod for the scan output and the other pod for defectdojo webhook). Can that be solved? |
Beta Was this translation helpful? Give feedback.
-
Hi J12934. I have a similar issue and have followed the above recommended fix but encountered a new error which i am not familiar and this is it 2022-03-16 04:16:42 INFO DefectDojoPersistenceProvider:24 - Starting DefectDojo persistence provider |
Beta Was this translation helpful? Give feedback.
-
|
These both still seem to be issues with the DefectDojo installation. You can then make sure that this ingress is working correctly from your computer, once that up and runnign you can configure the secureCodeBox DefectDojo hook to use the same external url. |
Beta Was this translation helpful? Give feedback.
-
|
Noted, I will try this. |
Beta Was this translation helpful? Give feedback.
-
|
Inspired by this question (amongst others), we created a detailed tutorial on how to connect the secureCodeBox and DefectDojo (and ElasticSearch): https://www.securecodebox.io/docs/how-tos/persistence-storage Hope it solves the issue! |
Beta Was this translation helpful? Give feedback.
Inspired by this question (amongst others), we created a detailed tutorial on how to connect the secureCodeBox and DefectDojo (and ElasticSearch): https://www.securecodebox.io/docs/how-tos/persistence-storage
Hope it solves the issue!